AI Sec Watch

CVE-2026-26164 is a vulnerability in Microsoft 365 Copilot caused by improper neutralization of special elements in output (a type of injection attack, where specially crafted input can be misinterpreted as commands). An attacker without authorization could exploit this to access and disclose information over a network.

CVE-2026-26129 is a vulnerability in Microsoft 365 Copilot where improper neutralization of special elements (failure to safely handle certain characters or code) allows an unauthorized attacker to disclose information over a network. The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 4.0, indicating moderate severity.

OpenAI announced GPT-5.5-Cyber, a specialized version of its latest AI model designed for cybersecurity teams, which is being released in limited preview to vetted partners. Unlike the standard GPT-5.5 model, this version has relaxed safety restrictions to make it easier for security professionals to use it for tasks like vulnerability identification (finding weaknesses in software), patch validation (checking if security updates work), and malware analysis (studying malicious software). This release comes one month after rival Anthropic launched Claude Mythos, a similar AI tool also restricted to select cybersecurity organizations.

i18nextify is a JavaScript library that enables website internationalization (support for multiple languages) through a simple script tag. Versions before 3.0.5 have a URL-injection vulnerability (where attackers can manipulate URLs by injecting special characters) because the library doesn't properly validate language and namespace values before using them in web requests, allowing attackers to exploit this if an application accepts user input for language selection.

Ollama, a popular framework for running AI models locally, has a critical vulnerability (CVE-2026-7482, called Bleeding Llama) that allows attackers to steal sensitive data like passwords, chat messages, and system secrets from over 300,000 exposed servers. The flaw lets unauthenticated attackers upload a specially crafted file that tricks Ollama into reading memory beyond its intended boundaries, and the vulnerability is easy to exploit because Ollama has no authentication enabled by default.

French prosecutors have escalated their investigation of Elon Musk and his social network X into a criminal probe, focusing on allegations of algorithmic manipulation (using computer programs to influence user feeds and information), spreading of nonconsensual sexually explicit deepfake images (synthetic media created without consent), and Holocaust denial content on X's AI chatbot Grok. Musk and former X CEO Linda Yaccarino were summoned to appear in April but declined to do so, and similar investigations are underway in other countries and by California authorities.

Google's Chrome browser automatically downloaded and installed Gemini Nano, a local AI model (an AI that runs directly on your computer rather than in the cloud) taking up about 4 GB of space, without clear user notification. Many users were unaware of this installation until recent reports highlighted the issue, raising concerns about transparency in how tech companies roll out AI features.

AI agent frameworks like Semantic Kernel, LangChain, and CrewAI let AI models control tools and plugins (software add-ons that perform actions like running scripts or accessing databases), but researchers discovered that prompt injection (tricking an AI by hiding instructions in its input) can turn into RCE (remote code execution, where an attacker runs commands on a system they don't own). Two critical vulnerabilities in Microsoft's Semantic Kernel (CVE-2026-25592 and CVE-2026-26030) could allow attackers to execute code on a host machine through malicious prompts.

This is a brief announcement of llm-gemini version 0.31, posted by Simon Willison on May 7, 2026. The content appears to be metadata and navigation elements from a blog or news site covering developments in large language models (LLMs, AI systems trained on vast amounts of text data) and Google's Gemini AI model, rather than detailed technical information about the release itself.